Welcome to the SQLitening support forums!


Anti-Hacking Protection

Started by mikedoty, September 05, 2008, 12:19:12 PM


mikedoty

Anti-Hacking Protection
Abyss uses a "do not monitor requests from" IP list
and has a bad requests count before banning with
a monitoring period and a banning duration.
Would make a nice addition if used on the internet.

JoeByrne

I can see this. However, wouldn't this be better in the application layer than at the database layer?

mikedoty

September 05, 2008, 04:37:47 PM #2 Last Edit: September 05, 2008, 04:43:08 PM by mikedoty
A little program can be written that sends thousands of requests to any IP and port.
I'm not talking about the code we write, but those people with too much time on their hands.
Some checks in the server code might slow them down or block them.
I wrote a program that filled my log very quickly with garbage.
With local IP addresses this probably isn't even needed, but I'm talking about on the internet.

Paul Squires


Bruce Huber

Security is always a good idea, but I wouldn't waste too much time on this feature, for a few reasons...

DOS attacks are generally launched from 'bots today. If attacked, you might get several thousand simultaneous hits, but they are coming from several thousand different machines. If you have attracted this kind of attention, you were either caught messing around with the girlfriend of a member of the Russian Mafia, or your site is so profitable that you can afford the specialized front-end servers (NetScaler, etc.) that handle attacks of this nature.

Your site is probably not going to be extremely popular because of an app that directly accesses a SQLitening server across the internet. Most people, sitting behind their corporate firewalls, are only able to initiate outbound connections on port 80 and port 443 - Plus the fact that their traffic is analyzed to ensure that it is legitimate HTTP or HTTPS traffic - And discarded if it is not - (and then the security goons start showing up at your cubicle and you become enmeshed in a Dilbert scenario). This means that your internet traffic will consist of users coming from relatively insecure SMB sites and houses. And how many of those are going to sit down and irritate their ISP and the FBI by writing a traffic flooder that is going to originate all of the traffic from their own PC?

Hacking is more likely than a DOS attack. I haven't looked at all of the SQLitening functions to see if it is viable to do so, but with this type of data server, the best security would be obscurity. If an invalid, or malformed, request comes in, FLUSH IT and DO NOT RESPOND. If you do not give a hacker any information to work with, they go away rather quickly.

Respectfully,
Bruce

Fred Meier

Mike is correct that invalid requests are logged.  Next version of SQLitening will address (correct) this.  I will follow Bruce's suggestion, that is to just ignore invalid requests.
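
The two ideas discussed in this thread (a bad-request count with a monitoring period, banning duration and exempt IP list, plus silently dropping invalid requests) can be combined as in the following added example. It is not SQLitening or Abyss code; the class, function names and default values are hypothetical.

```python
import time
from collections import defaultdict, deque

class BadRequestGuard:
    """Ban an IP after bad_limit invalid requests inside monitor_secs, for ban_secs."""

    def __init__(self, bad_limit=5, monitor_secs=60, ban_secs=600,
                 exempt=(), clock=time.monotonic):
        self.bad_limit = bad_limit
        self.monitor_secs = monitor_secs
        self.ban_secs = ban_secs
        self.exempt = set(exempt)        # the "do not monitor requests from" list
        self.clock = clock               # injectable so the logic can be tested
        self._bad = defaultdict(deque)   # ip -> timestamps of recent bad requests
        self._banned_until = {}          # ip -> time at which the ban expires

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:        # ban has run out: forget it
            del self._banned_until[ip]
            return False
        return True

    def record_bad(self, ip):
        """Count one invalid request; return True if this one triggers a ban."""
        if ip in self.exempt:
            return False
        now = self.clock()
        hits = self._bad[ip]
        hits.append(now)
        while now - hits[0] > self.monitor_secs:   # drop hits outside the window
            hits.popleft()
        if len(hits) >= self.bad_limit:
            self._banned_until[ip] = now + self.ban_secs
            del self._bad[ip]
            return True
        return False

def handle(guard, ip, request, is_valid):
    """Return a reply for a valid request, or None to close without responding."""
    if guard.is_banned(ip):
        return None                      # banned: no reply, no log entry
    if not is_valid(request):
        guard.record_bad(ip)
        return None                      # malformed: flush it, do not respond
    return b"OK"                         # placeholder for real request processing
```

The per-IP tables grow with the number of distinct sources, so a flood spread over thousands of machines, as described above, would need a size cap on `_bad` as well.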

mikedoty